Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/BqfNJSeObGNlQj88_XyFrsF7j3w.roa
File: BqfNJSeObGNlQj88_XyFrsF7j3w.roa (raw, json)
Hash identifier: OppxpreSqVLsgprd5haTS+WILFbzIRXmBS6DD295XtE=
Subject key identifier: 06:A7:CD:25:27:8E:6C:63:65:42:3F:3C:FD:7C:85:AE:C1:7B:8F:7C
Certificate issuer: /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial: 0199BDCD73A40E8B2193172F62BB16207BFE
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/BqfNJSeObGNlQj88_XyFrsF7j3w.roa
Signing time: Tue 07 Oct 2025 08:33:02 +0000
ROA not before: Tue 07 Oct 2025 08:33:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8391
IP address blocks: 195.138.32.0/22 maxlen: 22
195.138.38.0/24 maxlen: 24
195.138.54.0/24 maxlen: 24
195.138.58.0/24 maxlen: 24
195.138.61.0/24 maxlen: 24
195.138.62.0/24 maxlen: 24
195.253.0.0/17 maxlen: 24
195.253.6.0/24 maxlen: 24
195.253.96.0/19 maxlen: 24
195.253.128.0/18 maxlen: 24
195.253.224.0/20 maxlen: 20
2a01:5b0::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.mft
rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:bd:cd:73:a4:0e:8b:21:93:17:2f:62:bb:16:20:7b:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Validity
Not Before: Oct 7 08:33:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=06a7cd25278e6c6365423f3cfd7c85aec17b8f7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:2f:40:21:7c:7a:92:67:dc:29:cb:36:88:2f:
66:90:d8:8c:75:b1:3f:d7:6a:1a:ad:a7:39:8a:bb:
68:b0:16:b5:81:c6:9d:5a:d8:7f:67:2d:3b:dc:d9:
5b:a4:c7:5e:47:0a:9d:21:7f:1d:69:f1:e0:a0:f9:
e2:9f:aa:7f:22:56:47:ac:fc:30:54:ac:dd:fb:07:
69:98:ca:24:e4:cf:b9:5e:53:83:5c:28:85:d8:ed:
67:0c:9b:7c:80:2e:bd:dd:00:27:d1:93:c4:4b:66:
70:fd:b0:30:21:08:d9:6b:9f:27:cc:cd:1d:d5:11:
ef:81:93:23:52:2b:5f:7d:df:0c:af:01:05:14:ad:
8b:59:a0:68:18:7a:ea:34:69:dc:34:ea:7d:cf:89:
51:1e:71:39:d4:6a:89:1c:ce:57:a9:e6:a6:d9:1a:
0e:d3:45:7c:47:e7:5b:c4:10:f3:55:b3:39:ca:83:
df:f2:52:be:d9:80:b7:ec:76:30:d4:16:74:84:82:
5b:55:35:4f:44:ec:23:e9:9d:c8:af:63:8e:39:a6:
28:1c:2d:68:54:df:92:df:34:1e:ef:8a:a1:22:af:
c5:44:32:b2:0a:3c:c6:79:e8:df:a5:d3:4e:de:74:
17:7c:ed:06:12:f2:fd:7b:f1:88:2e:b2:8d:9a:f1:
1d:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:A7:CD:25:27:8E:6C:63:65:42:3F:3C:FD:7C:85:AE:C1:7B:8F:7C
X509v3 Authority Key Identifier:
keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/BqfNJSeObGNlQj88_XyFrsF7j3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.138.32.0/22
195.138.38.0/24
195.138.54.0/24
195.138.58.0/24
195.138.61.0-195.138.62.255
195.253.0.0-195.253.191.255
195.253.224.0/20
IPv6:
2a01:5b0::/32
Signature Algorithm: sha256WithRSAEncryption
28:88:ec:b3:fd:98:2a:7d:e2:fb:a1:a4:56:d4:10:c7:99:56:
60:17:1e:cd:8d:a1:c3:63:4c:80:26:1e:da:a5:76:07:9c:63:
2b:d6:a9:6e:db:06:96:aa:d6:b2:59:40:74:a6:98:24:73:5e:
e9:56:18:89:42:bd:d8:2e:eb:df:3e:c2:94:f7:7d:a8:09:ab:
ff:2b:9c:10:1f:fe:f6:7f:7d:d7:d6:f0:4e:34:fb:77:57:10:
6b:63:01:16:26:62:64:a1:0e:6c:e7:84:ee:8c:e5:d7:18:b7:
2a:05:66:87:12:dd:2a:2e:a4:06:24:9c:29:2d:2f:2f:cf:a1:
66:30:a7:f9:ff:ce:fd:7f:6a:3f:4f:da:50:c0:0c:c0:e6:54:
2e:1b:a2:a3:90:44:4d:49:fb:24:1b:59:3c:53:12:09:16:c7:
b5:1d:94:f3:43:25:b0:0a:c7:09:7a:0e:3e:1b:3b:61:8f:e7:
6f:dc:97:24:d3:c4:a2:18:5e:ab:da:ec:c9:30:0b:e1:e1:f1:
c5:88:8d:24:fb:45:bf:02:66:39:fc:d3:fa:60:30:51:ee:e0:
79:3d:73:a4:ee:c0:a7:eb:3b:c7:b0:d7:cd:cf:9d:3f:c7:da:
17:d0:7b:9e:e0:a3:94:d6:97:b2:4d:57:bd:c8:17:4d:81:ab:
e1:78:5e:5f
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZm9zXOkDoshkxcvYrsWIHv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjUxMDA3MDgzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE3Y2QyNTI3OGU2YzYzNjU0MjNmM2NmZDdjODVhZWMxN2I4ZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy9AIXx6kmfcKcs2iC9mkNiMdbE/
12oarac5irtosBa1gcadWth/Zy073NlbpMdeRwqdIX8dafHgoPnin6p/IlZHrPww
VKzd+wdpmMok5M+5XlODXCiF2O1nDJt8gC693QAn0ZPES2Zw/bAwIQjZa58nzM0d
1RHvgZMjUitffd8MrwEFFK2LWaBoGHrqNGncNOp9z4lRHnE51GqJHM5Xqeam2RoO
00V8R+dbxBDzVbM5yoPf8lK+2YC37HYw1BZ0hIJbVTVPROwj6Z3Ir2OOOaYoHC1o
VN+S3zQe74qhIq/FRDKyCjzGeejfpdNO3nQXfO0GEvL9e/GILrKNmvEd1wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAanzSUnjmxjZUI/PP18ha7Be498MB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvQnFmTkpTZU9iR05sUWo4OF9YeUZyc0Y3ajN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwQCw4ogAwQA
w4omAwQAw4o2AwQAw4o6MAwDBADDij0DBADDij4wCwMDAMP9AwQGw/2AAwQEw/3g
MA0EAgACMAcDBQAqAQWwMA0GCSqGSIb3DQEBCwUAA4IBAQAoiOyz/ZgqfeL7oaRW
1BDHmVZgFx7NjaHDY0yAJh7apXYHnGMr1qlu2waWqtayWUB0ppgkc17pVhiJQr3Y
LuvfPsKU932oCav/K5wQH/72f33X1vBONPt3VxBrYwEWJmJkoQ5s54TujOXXGLcq
BWaHEt0qLqQGJJwpLS8vz6FmMKf5/879f2o/T9pQwAzA5lQuG6KjkERNSfskG1k8
UxIJFse1HZTzQyWwCscJeg4+Gzthj+dv3Jck08SiGF6r2uzJMAvh4fHFiI0k+0W/
AmY5/NP6YDBR7uB5PXOk7sCn6zvHsNfNz50/x9oX0Hue4KOU1peyTVe9yBdNgavh
eF5f
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:31:38 2025 by rpki-client